This article was last reviewed for Debian 9 (Stretch).

Dovecot installation and configuration (Debian, repository)

Author: Stefán Örvar Sigmundsson
Initial publication:
Last updated:
Written in: English (United Kingdom)

Dovecot is a free and open-source IMAP server that has become very popular since its initial release in 2002. This article will demonstrate how to install and configure the Dovecot IMAP service on Debian or its derivatives such as Ubuntu and Linux Mint. Dovecot will be configured for the domain name and its users will be the system users.


The Dovecot IMAP service can be installed from the official Debian repository using APT:

root@computer:~# apt --assume-yes install dovecot-imapd


A directory is created to contain the log files:

root@computer:~# mkdir /var/log/dovecot/

A file is created to contain the log for Dovecot in a dedicated directory:

root@computer:~# touch /var/log/dovecot/dovecot.log

There is a lot of clutter in the default configuration file. Clearing it will ensure that there is no conflict nor confusion:

root@computer:~# > /etc/dovecot/dovecot.conf


The dovecot.conf file is the global configuration file:

log_path = /var/log/dovecot/dovecot.log

mail_location = maildir:~/Maildir/

protocols = imap

passdb {
	driver = pam

userdb {
	driver = passwd


Transport Layer Security (TLS) encryption can be added to the configuration:

ssl = required

ssl_cert = </etc/ssl/

ssl_key = </etc/ssl/

SASL for Postfix

Simple Authentication and Security Layer (SASL) authentication for Postfix can be added to the configuration:

service auth {
	unix_listener /var/spool/postfix/private/auth {
		group = postfix
		mode = 0660
		user = postfix


Log rotation

A file is created to contain the logrotate configuration for Dovecot:

root@computer:~# touch /etc/logrotate.d/dovecot

The logrotate configuration is the following:

	maxage 365
	rotate 12
Sets the configuration scope for the subsequent section. The pattern matches all files (*) ending with the extension log in the /var/log/dovecot/ directory.
Copy the contents of the log file being rotated into a new file and then truncate the original log file.
maxage 365
Remove log files older than 365 days.
Do not consider it an error if a log file is missing.
Perform a log rotation monthly.
Do not perform a log rotation on an empty log file.
rotate 12
Perform 12 log rotations before older log files are removed.

Directory ownership and permissions

The configuration directory should be protected:

root@computer:~# chown --recursive root:adm /etc/dovecot/
root@computer:~# chmod --recursive 0770 /etc/dovecot/

The log directories should be protected:

root@computer:~# chown --recursive dovecot:adm /var/log/dovecot/
root@computer:~# chmod --recursive 0750 /var/log/dovecot/

